W3C Releases New Web Privacy Standard

The World Wide Web Consortium (W3C) has released the first draft of a new web standard aimed at improving online privacy. The W3C’s new Standard for Online Privacy is a set of tools that will ultimately enable your browser to stop sites from tracking your every move on the web.

The first draft of the new privacy standard revolves around the “Do Not Track” (DNT) HTTP header originally introduced by Mozilla as a part of Firefox 4. The DNT header, a field sent with every request your browser makes to a web server, can be used to tell websites you don’t want to be tracked. The goal is to give you an easy way to opt out of often invasive tracking practices like behavioral advertising.

Behavioral advertising refers to the increasingly common practice of tracking your online behavior and using it to tailor ads to your habits. Advertisers use cookies to follow you around the web, tracking which sites you visit, what you buy and even, in the case of mobile browsers, where you go.

Some web browsers, including Internet Explorer and Chrome, offer an opt-out mechanism in the form of a cookie — add the cookie to your browser and participating sites won’t track your browsing. While the cookie-based approach is widely supported by advertisers, if you ever clear your browser’s cookies for any reason, your privacy settings are lost.

Mozilla’s original “Do Not Track” tool offered the same end result, broadcasting your privacy settings to advertisers’ servers, but instead of using a cookie, Mozilla’s DNT effort created a new HTTP header. The header offers a more robust and permanent solution than cookies and it’s easier for users to control via a simple browser preference.
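The difference between the two opt-out mechanisms can be shown from the server's side. The sketch below is an added example, not code from Mozilla or the W3C draft: it models a server that chooses to honor both signals and shows what each user looks like before and after clearing cookies. The cookie name `ad_optout`, the host `ads.example` and the `Browser` class are assumptions made for illustration; `DNT: 1` is the header value a browser sends when the preference is on.

```javascript
// Added illustration: server-side opt-out check, DNT header vs. opt-out cookie.
// The cookie name "ad_optout" and host "ads.example" are hypothetical.

// Parse a Cookie request header into a name -> value map.
function parseCookies(cookieHeader) {
  const jar = new Map();
  for (const part of (cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Decide whether a request may be tracked (header names are case-insensitive).
function trackingDecision(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  if (h["dnt"] === "1") return { track: false, reason: "dnt-header" };
  if (parseCookies(h["cookie"]).get("ad_optout") === "1")
    return { track: false, reason: "opt-out-cookie" };
  return { track: true, reason: "no-opt-out-signal" };
}

// Minimal browser model: the DNT preference lives in settings, the opt-out
// cookie lives in the cookie jar, and clearing cookies only empties the jar.
class Browser {
  constructor({ dntPreference }) {
    this.dntPreference = dntPreference;
    this.cookies = new Map();
  }
  clearCookies() { this.cookies.clear(); }
  requestHeaders() {
    const headers = { Host: "ads.example" };
    if (this.dntPreference) headers["DNT"] = "1";
    if (this.cookies.size > 0)
      headers["Cookie"] = [...this.cookies].map(([k, v]) => `${k}=${v}`).join("; ");
    return headers;
  }
}

// Constructed scenario: one user opts out by cookie, one by browser preference.
function demo() {
  const cookieUser = new Browser({ dntPreference: false });
  cookieUser.cookies.set("ad_optout", "1");
  const users = [cookieUser, new Browser({ dntPreference: true })];
  const tracked = () => users.map(b => trackingDecision(b.requestHeaders()).track);
  const before = tracked();
  users.forEach(b => b.clearCookies());
  return { before, after: tracked() };
}
```

Calling `demo()` returns the tracking decision for the cookie user and the DNT user, in that order, before and after both clear their cookies.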

[Image: Mozilla's basic overview of how the DNT header might work]

Earlier this year Mozilla turned its DNT efforts over to the W3C, where the Tracking Protection Working Group was formed. The working group thus far includes everyone from the major browser vendors to large websites like Google and Facebook. Consumer advocacy groups like Consumer Watchdog and the Electronic Frontier Foundation, and even the U.S. Federal Trade Commission, are also participating. This first draft of the new privacy standard is the group’s first public release.

The new spec goes quite a bit further than Mozilla’s original definition of DNT, including sections to define how the header is transmitted, what URI servers should use to respond and how websites are to comply with the preference. Obviously, because this is just the first draft there are still many gaps in the spec.

The new privacy spec is only a first draft, but that’s not the main problem currently stopping DNT from becoming a real-world way to protect your privacy. The real problem is the advertisers. While many are already on board with the new DNT standard, so far few actually obey it. Skeptics often argue that the DNT header won’t truly protect your privacy because there’s no way to force advertising sites to obey it. That is true, and there will no doubt always be some bad apples on the web, but the advertising industry has a surprisingly good track record of self-regulation. Much of that record no doubt stems from fear that, without some degree of self-regulation, governments will step in to impose their own regulation on behalf of consumers.

The W3C’s new privacy standard effort is a long way from finished, and, because it relies on the voluntary participation of advertisers, it will likely never completely protect your privacy. Still, it’s a stronger means of opting out than cookies. Moreover, the existence of an official DNT standard blessed by the W3C just might convince more advertisers to support the initiative.